The present invention relates to generation, management and replacement of encryption keys, and more particularly relates to methods for generation, management and replacement of encryption keys in connection with the distribution and management of digital rights in encrypted text or other data.
The ubiquitous nature of the Internet in the business community, and the increasing penetration of the Internet into homes, has generated a new era in the distribution of information to interested recipients. The ease with which volumes of information can be disseminated around the world over the Internet has been demonstrated and documented.
While this ease of distribution is valuable and desirable, in many instances, the informationxe2x80x94whether text, data, code, graphics or some other formxe2x80x94is valuable and its owners prefer that this information not be distributed freely. In such circumstances, the need for a suitable form of protection for the information becomes critical. A conventional approach has been the use of encryption, typically using a combination of a public key and a private key. Such techniques are well known and offer significant security when used properly.
One difficulty with conventional applications of such techniques, however, is that the protected information is, at some point, decrypted for viewing or other use in an insecure environment. At that point, the information is able to be disseminated contrary to the wishes of the owner of the informationxe2x80x94an undesirable result.
U.S. patent application Ser. No. 09/034,720 describes a secure reader for such information, typically though not necessarily for use with text, in which a unique private key is associated with each reader and a public key associated with that reader is available to the owner of the protected information. The owner of the information encrypts the information with the public key, and the information is thereafter downloaded to the associated reader. The reader then decrypts the information with the internally-maintained private key, allowing the user to view the decrypted information.
While this approach offers many advantages, it is important that the public and private security keys not be readily available together during the manufacturing process to avoid potential abuse such as theft or hacking. While there are numerous techniques for attempting to maintain security for encryption keys in a manufacturing environment, most currently available techniques involve both public and private keys (i.e., key pairs) being jointly available at some point during the manufacturing process. One approach is for a remote source (for example, the information owner) to generate the key pairs and to send the private keys to the factory during production. This has the obvious disadvantage that the private keys are, at some point, known to the factory.
Another approach is for the factory to be allowed to generate the key pairs, in which case the public keys will be provided to the owner of the information for use in subsequent downloads of protected information. This, too, suffers from the problem that the key pairs are both available at the factory, and therefore unacceptably subject to theft or other abuse.
Beyond just the manufacturing issues, additional issues exist with secure systems when the reader requires service, is lost, or is otherwise replaced. In most instances, the reader will include significant amounts of purchased content, such that the user will want to have transferred to the new reader all titles or other digital rights that existed in information maintained on the prior reader. With conventional techniques, this again requires that the key pair be available during the manufacturing process; this is, in general, an unacceptable security risk.
The present invention overcomes many of the limitations of the prior art and, more particularly, provides a secure system and method for generating and distributing encryption keys both during manufacturing and thereafter, and for transferring existing digital rights in data from a first device to a replacement or other device.
In particular, the system and method for generating key pairs during the manufacturing process makes it possible to generate the key pairs without both keys in the key pair existing in an insecure environment at any time. More specifically, the present invention permits distributed generation of the public and private keys, with the factory installing secure versions of the key pair in the reading device. The reading device, or reader, is then used to transport the public key in a secure way to an authentication server.
To implement the present invention, the factory public key must be registered with the authentication server, and the authentication server public key must be registered with the factory server or other equipment. The factory equipment automatically generates an encrypted form of the public/private key pair and further generates an appropriate, unique indicia indicative of the associated device. This indicia can also be read directly from the device if the device has an unique indicia built into the hardware, such as a xe2x80x9csilicon serial numberxe2x80x9d available in many CPU and peripheral integrated circuits. The indicia and the new public key of the device is then encrypted with the public key of the authentication server, and appends to the indicia the authentication server public key. The indicia and appended public key are then hashed and signed with the factory private key to generate a device certificate, which is sent to the electronic reader.
The electronic reader receives the device certificate, authenticates it and, if authentic, compares a portion of the indicia to ensure the certificate is truly intended for the recipient reader. If so, the device private key is installed as well as the authentication server public key; the remainder of the indicia and the encrypted device public key are stored and the reader is ready to ship.
Once the reader is received by the user, the user registers the reader with an appropriate entity having certificate authority such as the authentication server. This is accomplished by the device uploading the encrypted indicia and encrypted device public key, either directly or through another computer connected to the Internet. Once uploaded, the authentication server decrypts the device public key and authenticates the package using the factory public key. If authentic, it registers the device public key in the database. Additional user-specific information is typically encoded by the authentication server to generate a user certificate, which is encrypted with the device public key and signed by the private key of the certificate authority. The User Certificate contains a different public/private key pair that will be used for decrypting content. The public key is registered in the authentication server database, and the private key is put into a secure archive. The sequence number of the certificate is set to a low number. The user certificate is then provided to and installed by the reader. The user certificate is then decrypted and authenticated with the device private key and the authentication server public key both installed at the factory, and the result of the authentication process is provided to the authentication server. If successful, the user certificate is now associated with the specific electronic reader and the process completes.
If at some later time the electronic reader needs to be serviced or replaced for any reason, the user initiates a certificate movement which causes the authentication server to start a revocation process. The revocation process generates a revocation certificate. The certificate is sent to the first device where it is decrypted and authenticated. The device responds back to the authentication server or other appropriate certificating authority with a revocation acknowledge, and the authentication server authenticates the response. If authenticated, the revocation is recorded as successful and the first reader is no longer authorized to view the protected information.
The authentication server or other certificating authority then generates a new user certificate using the old public and private keys This is done by looking up the user""s public key in the key database, and retrieving the private key from the secure archive. It also looks up the sequence number of the user certificate and increases the value. The new sequence number is built into the customer certificate. The new user certificate is then sent to and installed by the second device, after which the second device sends a confirmation to the authentication server. This permits the user to continue to exercise all rights he had with the first unit, including reading, downloading or otherwise using the protected information in any permissible way.
The foregoing summary of the present invention may be better appreciated from the following Detailed Description of the Invention, taken together with the attached Figures.